OpenAI Releases Full GPT-5.5-Cyber, Codex Log Write Vulnerability Exposed

OpenAI today announced the expansion of its Daybreak security initiative, releasing the full version of GPT-5.5-Cyber, updates to the Codex Security plugin, the Patch the Planet program, and the Daybreak Cybersecurity Partner Program. GPT-5.5-Cyber achieved a score of 85.6% on the CyberGym benchmark, surpassing GPT-5.5's 81.8% and Anthropic Mythos 5's 83.8%, making it the highest-scoring single model. The model is designed for authorized defensive tasks, with capabilities including vulnerability tracking, verification, and patch generation.

Codex Security Plugin Update

Since its research preview in March, Codex Security has scanned over 30 million commits, covering more than 30,000 codebases, with manually confirmed fixes for over 70,000 findings and automatically determined fixes for over 500,000. The updated plugin supports out-of-the-box defensive workflows, including deep scanning, threat modeling, attack path tracing, and patch generation, and can be integrated into Codex CLI or applications.

Patch the Planet Program

OpenAI has partnered with Trail of Bits to launch Patch the Planet, funding security researchers to use Codex Security and advanced models to collaborate directly with open-source maintainers on fixing vulnerabilities. Over 30 initial projects have joined, including cURL, Go, Python, and Sigstore. A five-day sprint discovered hundreds of issues across 19 projects and merged dozens of patches.

Codex Log Write Vulnerability

However, almost simultaneously, a serious log write issue was exposed in Codex: during streaming tasks and long-running operations, it writes TRACE logs to a local SQLite log file at approximately 5 MB/s, with an estimated annual write volume of 640 TB, enough to wear out a consumer-grade SSD within a year. The issue was first reported in April and gained widespread attention on June 14 with issue #28224. OpenAI researcher Vaibhav Srivastav responded that the issue has been fixed and recommended users upgrade to the latest version.

Partnerships and Government Collaboration

OpenAI has launched the Daybreak Cybersecurity Partner Program, collaborating with nearly 30 security companies including Cisco, CrowdStrike, Palo Alto Networks, and Cloudflare to extend model capabilities to more organizations. On the government front, OpenAI has established trusted cybersecurity access collaborations with agencies in the US, UK, EU ENISA, and others.